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Field of the invention 

The invention relates generally to the copy protection problem. More 
particularly, the invention relates to a device and a method for preventing illegal 
exportation of a content from a global copy protection system to a local copy 
5 protection system. 

Background art 

Copy Protection has been a hot topic for the last few yeara. First 
Copy Protection Systems (CPS) that have been studied rely on link encryption 
0 (see for example the "DTCP" proposal disclosed in "Digifa! Transmission Copy 
Protection Specification - Vol. 1 (Infomnational version) - Rev. 1.2 - July 11, 
2001" available at" ^ the following internet address 
ht^)U/mfwMcp,com/datarlnfo_Jttcp_v1_12J20010711.pc^f) or prerecorded / 
recordable media protection (see for example the "CPSA" proposal disclosed In 
5 "Content ProtecOon System Architecture, A Comprehensive Framewori< for 
Content Protection - rev 0,81 - February 17, 2000r available at the following 
Internet address h^:/AMww.4cenffty.com/dataAech/i^a/cpsa081.pdf), These 
systems will be called "local CPS" in the following of the description. 

The focus of Copy Protection has recentiy moved to a global security 
of the content through the home network and a new category of systems, that 
will be called "global CPS" in the following, has been investigated by 
normalization bodies (such as "DVB-CPT' or "TV-Anytlme" forum) and industry 
efforts (see for example the "SmartRight" proposal disclosed in "SmartRight 
Technical white paper- version 1.0- October 29, 2001"). 

Local CPS usually have four different usage mies: 

- "copy-free" (one may copy the content without any limitations). 

- "copy-never" (one may not copy the content), 

- "copy-once" (one may copy only once the content). 

- "copy-no-more" (one may not copy ttie content because it is the 
copy of a "oopy-once" content or an already copied "copy-once" 
content). 

However, because of implementation difficulties, the "copy-once" 
usage mie has often been replaced by "copy-one-generation" usage rule (one 
may copy only the original content), leading to a much wider possible use of the 
content than expected. 

Global CPS replace the "copy-once" or "copy-one-generation" and 
"copy-no-more" usage rules with the "private-copy" usage rule. The "private- 



copy" usage rule allows to make as many copies as desired but the copy will be 
only usable within the home network wherein it has been created. That usage 
rule Is easy to Implement and in line with both users and content owners 
Interests. 

5 One problem encountered with these systems Is due to the fact that 

global CPS coexist with local CPS. A user may want to export a "private-copy" 
content from a global CPS to a local CPS. For instance, a user may want to 
make a back-up copy from a "private-copy" content created In a global CPS on 
an optical disc (such as a DVD - acronym of "Digital Versatile Disc" - or a BRD 

10 - acronym of "Blu-Ray Disc") protected by a local CPS. The "private-copy 
usage mle In the global CPS is logically changed to the "copy-no-more" usage 
rule In local CPS. But this is insufficient since as many "oopy-no-more" copies 
as desired can be created from the "private-copy" content This feature is clearly 
In contradiction to the copy-no-more usage rule. " 

15 It Is therefore an object of the present Invention to provide a method 

ensuring that a content protected by a global CPS and labeled "private-copy" 
cannot be exported (as a "copy-no-more" content") an unlimited number of 
times to a local CPS. 

20 Summary of the invention 

The main idea of the invention is to associate a Content Unique 
Identifier (GUI) to any content entering a home network protected by a global 
CPS. This GUI will be checked when the content will leave the global CPS fop a- 
local CPS. 

25 More particularly, the invention relates to a device for preventing 

Illegal exportation of a content protected by a global copy protection system to a 
local copy protection system, characterized In that It each content liable to be 
exported contains a unique identifier and in that the device comprises a table for 
storing unique Identifiers of all contents that have already been exported 

30 through said device. 

The invention also relates to a method for recording a content 
received by a device as above-mentioned, characterized In that it comprises the 
steps consisting, if the copy is to be made for a local copy protection system, in 
checking whether the unique Identifier of said content is contained In the table 

35 of said device; and 

- should said checking be positive, In preventing the recorefing; and 



- should said checking be negative, in recording the content and 
storing the unique identifier in the table. 

Thanks to the invention, it is possible to control the number of local 
CPS-protected copies created from a global CPS-protected content 
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Brief description of the drawing s 

The various features and advantages of the present invention and its 
preferred embodiments will now be described with reference to the 
accompanying drawings which are intended to illustrate and not to limit the 
1 0 scope of the present invention and in which: 

- Fig. 1 Illustrates the environment of the invention and the principle 
of exportation of a content protected by a global CPS to a content protected by 
a local CPS; and 

- Fig. 2 Is a flowchart illustrating the behavior of a device carrying out 
15 the exportation process. 

Description of the orefenred embodimente 

Fig. 1 illustrates the environment of the invention. It may be for 
example a digital home networic 1 protected by a global CPS, this neiworic 
20 comprising two Access Devices 12» 13 and two Recorder Devices 14, 15 linked 
together by a digital bus 1 6. 

The principles of protection of the data by the global CPS in the 
home network are disclosed in document FR-A-2 792 482 and In a French 
patent appficatlon No. 01 05668 filed April 25, 2001 by the appHcant THOMSON 
25 Licensing S.A.. 

Interactions between local and global CPS are ensured thanks to the 
following devices: 

- the Access Devices that receive local CPS-protected contents from 
the outside of the network and convert them into global CPS- 

30 protected contents; and 

- the Recorder Devices that create either global CPS-protected copies 
10 or local CPS-protected copies 1 1 . 

We will now describe more partlculariy the Access Devices behavior 
35 and the Recorder Devices behavior according to the principles of the Invention. 



1. Access Devices behavior 




Each time an Access Device is required to convert a local CPS- 
protecled content it receives from the outside of the network into a new global 
CPS-protected content, it generates a Content Unique Identifier associated with 
this new content. It then Inserts the GUI In the content, preferably in a part of the 
5 content protected by encryption or authentication. 

The GUI may be "probably unique" (for example a large size random 
number generated by a pseudo-random generator) or "actually unique", in the 
latter case. Access Devices should be given a unique Identifier at their 
installation In the network. This identifier will be the first part of the GUI. The 
10 second part will be a counter maintained by the Access Device. The GUI Is 
preferably at least 80 bits long. 

2. Recorder Devices behavior 
This behavior is illustrated by the flowchart of Fig. 2. 
15 A Recorder Device is capable of recording a content having a 

"piivate^py" status and created In the network protected by the global GPS to 
create a local GPS-protected copy of this content 

According to the Invention, each Recorder Device has a Gontent 
Exportation Table (GET) storing all the GUIs of local GPS-protected content that 
20 have already been created. This GET is preferably stored in a protected 
memory of the Recorder Device. 

As illustrated in Fig. 2, each time the recorder device is requested to 
. create a new copy of a "private-copy content (step 20). if the copy remains 
global CPS-protected (i.e. the copy is destined to be used In the home network 
25 1 protected by the global GPS), then the recorder simply duplicates this content 
(step 22). Othenwise, if the new copy is a local GPS-protected content (i.e. a 
copy to be used outside the network 1 in another system protected by a local 
CPS) then, the Recorder Device first extracts the GUI from the content and 
checks whether it Is already in its GET or not (step 24). If so. the content is 
30 blocked and the copy does not takes place (step 26). Else, the Recorder Device 
adds the GUI in the GET and creates the copy. The local GPS should treat the 
copy as a "copy^no-more" or "copy-never' content. 

it is also possible to allow the Recorder Device to make more than a 
single local GPS-protected copy of a given "private-copy" content In this case, 
35 the GET will store with each GUI, a counter of the number of local CPS- 
protected copies made for this content, this counter being incremented each 
time a local GPS-protected copy is made for this content. When the maximum 




number of allowed copies is reached for a given content, then the Recorder 
Device will not make any more local CPS-protected copy of this content. 

According to a variant embodiment, only a limited number of 
5 Recorder Devices is authorized to make copies protected by a local CPS In a 
home network such as network 1. Preferably, only one Recorder Device per 
network Is authorized to make copies protected by a specific local CPS. These 
Recorder Devices are called exportation devices. In Fig. 1. Recorder Device 15 
is an exportation device. The Recorder Devices that can create only global 
10 CPS-protected copies are called storage units. Recorder Device 14 of Fig.1 Is a 
storage unit. In this preferred embodiment, only the exportation devices have a 
CET for storing the CUI of contents already copied with a local CPS protection. 

We suppose now that the global CPS is the SmartRlght™ system 
15 (SmartRight Is a trademark of THOMSON multimedia) disclosed In the 
documents previously mentioned (document FR-A-2 792 482 and application 
No. 01 05568 of THOMSON Licensing S,A.) and In a further French patent 
application No. 01 11078 filed August 24, 2001 in the name of THOMSON 
Licensing S.A.. 

20 The Access Devices illustrated In Fig. 1 comprise converter cards 

(not illustrated In Fig. 1) which are In charge of creating messages called LECM 
(acronym of "Local Entitlement Control Message"). The LECMs contain control 
words CW which are used to scramble the content entering the home network 
through an Access Device. These CW are contained in a part of the LECM 

25 Which is protected (preferably by encryption with a key or with keys specific to 
the network). 

According to the present Invention, the converter card randomly 
chooses the CUI during the LECM building step when a content is received In 
the network by an Access Device. The CUI is then placed in the protected part 
30 of the LECM. 

Recorder Device 15 which Is an exportation device comprises a 
terminal card (not Illustrated). This temninal card is a smart card, i.e. a card with 
a secure microprocessor, containing the key(s) necessary to decrypt the 
protected part of the LECM and it furthermore contains, according to the 
35 invention, the CET for storing the CUI of the contents already copied by 
Recorder Device 15 with a local CPS protection. 

When Recorder Device 1 5 receives a new content (having a "private- 
copy" status) to be exported (I.e. to be used to perfomri a local CPS-protected 
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copy of this content), its terminal card first checks whether the GUI contained in 
the first LECM associated with this content is already in its GET or not. If yes, 
thetennlnal will output a message fbrblding the copy. Else, It will add the GUI In 
the GET and then output a message authorizing the copy. 

Preferably, the GET Is not erased after a terminal card reinltiarization. 



CLAIMS 



1 . Device (1 5) for preventing illegal exportation of a content protected 
5 by a global copy protection system to a local copy protection system, 

characterized in that it each content liable to be exported contains a unique 
identifier (GUI) and In that the device (15) comprises a table (GET) for storing 
unique identifiers of all contents that have already been exported through said 
device. 

10 

2. IVIethod for recording a content received by a device according to 
claim 1, characteri2ed in that it comprises the steps consisting, , if the copy is to 
be made for a local copy protection system, in: 

checkir^ whether the unique identifier (GUI) of said content is 
15 contained in the teble (GET) of said device; and 

- should said checking be positive, then preventing the recording; 
and 

- should said checking be negative, then recording the content and 
storing sakJ unique identifier (GUI) In sakl table. 

20 




ABSTRACT 



Secure exportation from a global copy protection system to a local copy 

protection system 

5 

The invention relates to a device (15) for preventing illegal 
exportation of a content protected by a global copy protection system to a local 
copy protection system. According to the invention, each content liable to be 
exported contains a unique identifier (GUI) and the device (15) comprises a 

10 table (GET) for storing unique identifiers of all contents that have already been 
exported through said device. 

The Invention also relates to a method for recording a content 
received by such a device. This method comprises the steps consisting, if the 
copy is to be made for a local copy protection system, in checking whetiier the 

15 unique identifier (GUI) of said content is contained in the table (GET) of said 
device; and 

- should said checking be positive, in preventing the recording; and 

- should said checking be negative, in recording the content and 
storing said unique Identifier (GUI) in said table. 

20 
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